On Wed, 21 Nov 2001, Luie delos Santos wrote:
> Questions:
> 1) Will the linux box prevent viruses from penetrating Win98/NT PCs in Building A?

Ummm  not really.  Most virii and worms spread through email, and known 
exploits of common and not so common services and ports.  Now, if you have 
a firewall setup that blocks EVERY incoming packet except for those 
destined to port 80 (assuming you have a web server behind the firewall) 
then you would be reasonably safe from most worms and virii trying to hit 
your machines, UNLESS those little beasties are trying to exploit a 
webserver exploit that uses port 80.  Since you left port 80 open, you are 
still defenseless to attacks that use that port.

To stop or at least hope to stop virii from spreading among your 
workstations and such, one really good idea would be to A: put a virus 
checker on your mail server that will scan and disinfect email that comes 
in with malicious attachments, etc. on them.  

An even better way would be to set the mail server to completely deny any 
mail with an attachment anyway.

But no... a firewall is not, in and of itself, going to protect you from 
the many millions of Windows virii and other nasty things floating around 
out there...  it will protect you from port scans, and probes from things 
like Nimda, Code Red, et al.

> 2) What is the minimum hardware specs of the linux box that you can recommend?

My personal firewall box at home is a Pent 100 with 32 megs of ram, and 
two 3Com 10/100 NICs.  It has an 800 meg hard disk, and ALL it does is 
block ports and incoming connections.

I used to work somewhat for an ISP who also used a similar setup for their 
firewall.  Theirs was a Pentium 133 with 64 megs ram that was nothing but 
a firewall box.  Once you get these up and running properly, they are 
really pretty stout, and will be incredibly reliable.  But remember this 
important advice:  ANY FIREWALL IS ONLY AS GOOD AS THE RULES THAT THE 
ADMINISTRATOR SETS.  In other words, unless you learn to write good 
rulesets, your firewall will be useless.  (Or at least unless you get a 
good firewall script or config utility.)

> 3) Will the above setup be able to secure Building A from malicious attacks?

Yes... again, only with good rulesets, and diligence.  Security isn't 
something that you can just fire and forget.  Once you get your firewall 
box up and running, and get your rulesets perfected, then you need to 
ensure that some mechanism is in place to alert you or some admin when 
attacks occur, and when any other bad thing happens.

Also, keeping really good logs is a must.

> 4) What can you further recommend? 

Read any books you can on security and firewalls, read books on ipchains 
and iptables, ask around on the mailing lists at security focus...  

Search the net for info on security products, firewall scripts, rulesets, 
etc.  I have some I can send you if you want, that I got from a guy on one 
of the security focus lists a while back...

ciao
J




_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
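
Added example, not part of the original message and not the poster's own ruleset: a shell function that writes the "block everything except port 80 to the web server, and log what gets dropped" policy from the reply in iptables-restore format. The interface names (eth0 outside, eth1 inside), the web server address 192.0.2.10, and a routable (non-NAT) web server are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit a default-deny ruleset in iptables-restore format.
# Arguments are assumptions, not values from the post:
#   $1 external interface, $2 internal interface, $3 web server address

gen_ruleset() {
    ext_if=$1; int_if=$2; web_ip=$3

    # Accept only digits and dots in the address and only alphanumerics in
    # interface names, so a typo cannot turn into a broader or broken rule.
    case $web_ip in
        ''|*[!0-9.]*) echo "bad web server address: $web_ip" >&2; return 1 ;;
    esac
    case $ext_if$int_if in
        ''|*[!A-Za-z0-9]*) echo "bad interface name" >&2; return 1 ;;
    esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -m state --state NEW -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -p tcp -d $web_ip --dport 80 --syn -m state --state NEW -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-IN-DROP: "
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FWD-DROP: "
COMMIT
EOF
}

# Typical use on the firewall box (as root), checking syntax before loading:
#   gen_ruleset eth0 eth1 192.0.2.10 | iptables-restore --test
```

The chain policies are DROP, so anything that reaches the LOG rules is dropped right after being logged; the rate limit keeps a scan from flooding the logs. As the reply notes, port 80 stays reachable, so the web server itself still has to be patched.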